Re: [bitcoindev] Penlock, a paper-computer for secret-splitting BIP39 seed phrases

["'Rama Gan' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>]

Hello Andrew,

Thank you for sharing your thoughts.

I think I fixed the biggest compatibility issues. Most browsers should now
display the documents correctly, but there still are issues when using the
"Print to PDF" feature. Chromium, Brave and Firefox do it well. With qutebrowser
5.x and 6.x, I get weirdly pixelated results and the wrong page margins. I'm not
sure yet if it is something that I can fix, or how it will look when actually
printing; I'll investigate further as soon as I can.

-   The "Generate a Seed Phrase" guide is useful for initializing a new hardware
    wallet that only supports BIP39. The guide and the worksheet only support
    the 12-word variant, because as you said grinding for the checksum is
    otherwise tedious. I guess I should add an explainer for that. I also expect
    that most Penlock users will already have a seed phrase and that's why I
    didn't mention this feature in the presentation.

-   About seedxor: I am not familiar with it, but it looks like something I'd
    want to dig in. About BIP39->binary conversion: even double-checking can't
    fully guarantee its correctness, so it can lead to dramatic failures.

-   About GF(27) being non-standard: the documents for analog computations will
    remain valid and available, so it's not like a software implementation that
    requires routine maintenance or might be discontinued.

-   Penlock implements arithmetic operations differently than Codex32. Additions
    and subtractions are implemented with a slider-wheel (only possible with
    GF(P)); Multiplications and "divisions" are done with volvelles. There is
    indeed a risk of using the slider-wheel in the wrong direction, and this is
    mitigated by 2-of-N not using additions at all.

-   An experienced user can compute a 12-words checksum in 4mins, and verify its
    correctness in 3 mins. Checksumming 24-word is quite doable, but then the
    difficulty comes with the shares derivation part that takes close to an hour
    and feels really tedious (again, for 24 words). For reference, an
    experienced user can secret-split a 12-words sentence in 45 minutes. A
    24-words sentence will more than double that due to getting tired and losing
    focus.

-   The 2-of-(N<=26) case is handled with a variant of Shamir's algorithm that
    can be fully implemented in a single wheel. I'm about to post a presentation
    that will go into more details about that. For (K>=3)-of-M cases there's
    indeed a recovery wheel, plus a volvelle that does translation+fusion on the
    same side (see: https://beta.penlock.io/kofm-wheels.html).

Best regards,
Rama Gan

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/GqYxqTBUgHl6yq1UAaOc2O9Ea4-5yKnM-jGZzGaKC19c-k3KcUN_Bo2e7XPYUrNaX3NMJC0tCMudgSl0_l1BCRUz4DIYBR1ecL2ifopzs98%3D%40proton.me.